Intrusion attempt reported by Kerio

Author: Guest (Anonymous)
Subject: Intrusion attempt reported by Kerio   Fri 01 June 2007, 09:28

Hello, for some time now I have had an intrusion problem; here is the message:

Détails techniques sur l'intrusion :

Application injectrice : <inconnu>(new line)
Description : <inconnu>(new line)
Version du fichier : (new line)
Produit : (new line)
Version du produit : (new line)
Créé le : N/A(new line)
Modifié le : N/A(new line)
Dernier accès le : N/A

Application cible : \??\C:\WINDOWS\SYSTEM32\winlogon.exe(new line)
Description : winlogon(new line)
Version du fichier : (new line)
Produit : (new line)
Version du produit : (new line)
Créé le : N/A(new line)
Modifié le : N/A(new line)
Dernier accès le : N/A

Adresse de l'injection : 0x77E5D961

This happens every time I launch Firefox.

I did a scan with HijackThis:
Logfile of HijackThis v1.99.1
Scan saved at 07:51:01, on 01/06/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\ati2evxx.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\atiptaxx.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\System32\dllhost.exe
C:\Program Files\SPAMfighter\SFAgent.exe
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\TuneUp Utilities 2004\MemOptimizer.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Documents and Settings\Arnaud\Mes documents\Téléchargement\P2P\eMule0.47c-ScarAngel_v1.8-bin\emule.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Crazy Browser\Crazy Browser.exe
C:\Documents and Settings\Arnaud\Mes documents\Téléchargement\Sécurité\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tele2.fr/startpage/adsl/fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7CCBE1B2-3C4D-4558-B381-FA0B9A1C8DC4} - C:\WINDOWS\System32\khfed.dll
O2 - BHO: (no name) - {C004A8DA-623A-4409-B6ED-F3E3DA367792} - C:\WINDOWS\System32\fcccdca.dll
O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - C:\Program Files\Xi\NetTransport 2\NTIEHelper.dll
O2 - BHO: (no name) - {CD3447D4-CA39-4377-8084-30E86331D74C} - C:\WINDOWS\System32\mebgfpqo.dll
O2 - BHO: (no name) - {E3DE4607-84BA-490B-898C-1C66484DBE40} - C:\WINDOWS\System32\njuontus.dll
O2 - BHO: (no name) - {E421B744-12A1-4447-AB8A-DA2F96D9D9EE} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ATIPTA] atiptaxx.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [setup] rundll32.exe "C:\WINDOWS\System32\arutwkro.dll",realset
O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2004\MemOptimizer.exe" autostart
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Télécharger avec NetTransport - C:\Program Files\Xi\NetTransport 2\NTAddLink.html
O8 - Extra context menu item: Enregistrer le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Identités - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComEditIdent.html
O8 - Extra context menu item: Remplir le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Tout t&élécharger avec NetTransport - C:\Program Files\Xi\NetTransport 2\NTAddList.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Remplir - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Remplir le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Enregistrer - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Enregistrer le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O14 - IERESET.INF: START_PAGE_URL=http://www.tele2.fr/startpage/dialup/fr/
O15 - Trusted Zone: *.Sony-europe.com
O15 - Trusted Zone: *.Sonystyle-europe.com
O16 - DPF: teleir_cert - https://static.ir.dgi.minefi.gouv.fr/secure/connexion/archives/ie4n4/teleir_cert.cab
O16 - DPF: {8F48147B-78D9-40F9-ACC0-BDDE59B246F4} (AccountHelper Class) - http://www.tele2mail.com/static/apps/utils/AccountHelper.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{EFBDCF5F-ADB6-43F8-B618-2F79F250ABC3}: NameServer = 212.151.137.166 212.151.136.242
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: fcccdca - C:\WINDOWS\SYSTEM32\fcccdca.dll
O20 - Winlogon Notify: khfed - C:\WINDOWS\System32\khfed.dll
O20 - Winlogon Notify: time_boss_logon - C:\Program Files\Time Boss\time_boss_l4.mik (file missing)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Time boss srv (TimeBossSrv) - Unknown owner - C:\Program Files\Time Boss\time_boss_s.exe (file missing)
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe

Thanks in advance for your help
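As an added example (not code from the forum thread or from HijackThis), here is a small Python triage script that reads the O2, O4 and O20 lines of a HijackThis log like the one above and flags the pattern visible in it: unnamed BHOs and Winlogon Notify hooks pointing at DLLs in System32, and a Run entry that starts such a DLL through rundll32. The sample lines are copied from the log in this post; the rule set and the function names are my own and are a heuristic for review, not HijackThis output.

```python
"""Added triage helper for HijackThis logs (example code for this page, not a
tool from the forum or from the HijackThis project).

It parses O2 (BHO), O4 (autostart) and O20 (Winlogon Notify) lines and flags
the pattern seen in the thread: unnamed BHOs and Winlogon Notify hooks that
point at DLLs in System32, plus an autostart that launches such a DLL through
rundll32. The heuristics are assumptions made for this example.
"""
import re
from collections import defaultdict

# Constructed sample: a subset of the O2/O4/O20 lines from the post above.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7CCBE1B2-3C4D-4558-B381-FA0B9A1C8DC4} - C:\WINDOWS\System32\khfed.dll
O2 - BHO: (no name) - {C004A8DA-623A-4409-B6ED-F3E3DA367792} - C:\WINDOWS\System32\fcccdca.dll
O2 - BHO: (no name) - {CD3447D4-CA39-4377-8084-30E86331D74C} - C:\WINDOWS\System32\mebgfpqo.dll
O2 - BHO: (no name) - {E421B744-12A1-4447-AB8A-DA2F96D9D9EE} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [setup] rundll32.exe "C:\WINDOWS\System32\arutwkro.dll",realset
O20 - Winlogon Notify: fcccdca - C:\WINDOWS\SYSTEM32\fcccdca.dll
O20 - Winlogon Notify: khfed - C:\WINDOWS\System32\khfed.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
"""

BHO_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]{36})\} - (?P<path>.*)$")
RUN_RE = re.compile(r"^O4 - (?P<hive>HK[A-Z]+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
NOTIFY_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<path>.*)$")
# A DLL that sits directly under a ...\System32\ directory (any letter case).
SYSTEM32_DLL_RE = re.compile(r"[A-Za-z]:\\[^\"]*?\\system32\\(?P<dll>[^\\\"\s,]+\.dll)\b", re.IGNORECASE)


def parse_hjt(log_text):
    """Split a HijackThis log into BHO, autostart and Winlogon Notify records."""
    bhos, runs, notifies = [], [], []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = BHO_RE.match(line)
        if m:
            bhos.append(m.groupdict())
            continue
        m = RUN_RE.match(line)
        if m:
            runs.append(m.groupdict())
            continue
        m = NOTIFY_RE.match(line)
        if m:
            notifies.append(m.groupdict())
    return bhos, runs, notifies


def system32_dll(text):
    """Lower-cased basename of a System32 DLL referenced in text, or None."""
    m = SYSTEM32_DLL_RE.search(text)
    return m.group("dll").lower() if m else None


def triage(log_text):
    """Map each suspicious System32 DLL to the reasons it was flagged."""
    bhos, runs, notifies = parse_hjt(log_text)
    findings = defaultdict(list)
    bho_dlls = set()
    for b in bhos:
        dll = system32_dll(b["path"])
        if dll is None:
            continue  # BHOs outside System32 (e.g. SDHelper.dll) are not judged here
        bho_dlls.add(dll)
        if b["name"] == "(no name)":
            findings[dll].append(f"unnamed BHO loaded from System32 (CLSID {b['clsid']})")
    for r in runs:
        dll = system32_dll(r["cmd"])
        if dll and r["cmd"].lower().startswith("rundll32"):
            findings[dll].append(f"{r['hive']} Run entry [{r['name']}] starts a System32 DLL via rundll32")
    for n in notifies:
        dll = system32_dll(n["path"])
        if dll is None:
            continue  # "(file missing)" entries have no loadable DLL
        if dll in bho_dlls:
            findings[dll].append(f"Winlogon Notify hook '{n['name']}' is the same DLL as a BHO: "
                                 "it runs inside winlogon.exe and inside the browser")
        else:
            findings[dll].append(f"Winlogon Notify hook '{n['name']}' loads a System32 DLL; confirm its publisher")
    return dict(findings)


def suspicious_files(log_text):
    """Sorted list of flagged DLL basenames."""
    return sorted(triage(log_text))


def winlogon_hooks(log_text):
    """DLLs that winlogon.exe loads through Winlogon Notify. The alert in the
    post names winlogon.exe as the injection target, so these are the first
    candidates to examine."""
    _, _, notifies = parse_hjt(log_text)
    return sorted({d for d in (system32_dll(n["path"]) for n in notifies) if d})


if __name__ == "__main__":
    for dll, reasons in triage(SAMPLE_LOG).items():
        print(dll)
        for reason in reasons:
            print("  -", reason)
    print("loaded by winlogon.exe:", winlogon_hooks(SAMPLE_LOG))
```

On the sample, the script flags arutwkro.dll, fcccdca.dll, khfed.dll and mebgfpqo.dll and leaves SDHelper.dll alone even though it is also an unnamed BHO, because the rule needs both the missing name and the System32 location. The two DLLs that are both a BHO and a Winlogon Notify hook are the ones to treat with the most care: they cannot be deleted while winlogon.exe holds them, which is why the removal advice in this thread goes through safe mode.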
Author: boule (helper member)
Subject: Re: Intrusion attempt reported by Kerio   Fri 01 June 2007, 09:32

Hello Virgule

You're definitely infected!
Tell us which anti-spyware tools you have, please

**
Download VundoFix
---> http://www.atribune.org/ccount/click.php?id=4

Restart your PC. As soon as it powers on, tap the F8 key (or F5 if F8 doesn't work); on the screen that appears, choose "safe mode" and wait a bit..

Double-click on it and choose "start for vundo"
wait a few minutes; when the scan is finished, click on "remove vundo"
a message will ask you whether you want to delete the files: "yes"
When it has finished, click "yes"; your computer should restart, and if not, do it yourself
Once it has restarted, paste the report C:\vundofix.txt here please
Author: Guest (Anonymous)
Subject: Re: Intrusion attempt reported by Kerio   Fri 01 June 2007, 09:37

Hello

and first of all, thank you for the quick response.

I regularly use
the avast scan, Ad-Aware and Search & Destroy
I'm doing the VundoFix scan, I'll be back
Author: Guest (Anonymous)
Subject: Re: Intrusion attempt reported by Kerio   Fri 01 June 2007, 10:03

So I ran VundoFix = perfect

Then I clicked on remove vundo, and there it got stuck on "fcccdca.dll".

I had to close everything and restart manually.

Message at startup:
Erreur de chargement de C:\WINDOWS\system32\arutwkro.dll
Le module spécifié est introuvable

Here is the scan


VundoFix V6.4.1

Checking Java version...

Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.

Scan started at 08:46:01 01/06/2007

Listing files found while scanning....

C:\WINDOWS\system32\arutwkro.dll
C:\WINDOWS\system32\ddaya.dll
C:\WINDOWS\System32\defhk.bak1
C:\WINDOWS\System32\defhk.bak2
C:\WINDOWS\System32\defhk.ini
C:\WINDOWS\system32\fcccdca.dll
C:\WINDOWS\system32\hqkvrhvh.dll
C:\WINDOWS\System32\khfed.dll
C:\WINDOWS\System32\orkwtura.ini
C:\WINDOWS\system32\rqtss.ini
C:\WINDOWS\system32\sstqr.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\arutwkro.dll
C:\WINDOWS\system32\arutwkro.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ddaya.dll
C:\WINDOWS\system32\ddaya.dll Has been deleted!

Attempting to delete C:\WINDOWS\System32\defhk.bak1
C:\WINDOWS\System32\defhk.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\System32\defhk.bak2
C:\WINDOWS\System32\defhk.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\System32\defhk.ini
C:\WINDOWS\System32\defhk.ini H

Apparently it didn't go all the way through
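Added example, not part of VundoFix or of the advice given in this thread: a Python check that reads a VundoFix report and separates the files it confirmed as deleted from those where removal was interrupted (an "Attempting to delete" line with no matching "Has been deleted!") or never reached, which is what happens when the run stops on a locked DLL and the report is cut off as it was here. The sample report is a shortened copy of the one posted above; the section markers the parser relies on are the ones visible in that report, and the function names are my own.

```python
"""Added example: check how far a VundoFix removal run actually got.
Illustrative code written for this page, not part of VundoFix. It parses the
"Listing files found" and "Beginning removal" sections of a VundoFix report and
classifies each listed file as confirmed deleted, interrupted, or not reached.
"""
import re

# Constructed sample: a shortened copy of the report posted above, ending on
# the truncated line where the poster's run stopped.
SAMPLE_REPORT = r"""
VundoFix V6.4.1

Scan started at 08:46:01 01/06/2007

Listing files found while scanning....

C:\WINDOWS\system32\arutwkro.dll
C:\WINDOWS\system32\ddaya.dll
C:\WINDOWS\System32\defhk.bak1
C:\WINDOWS\System32\defhk.ini
C:\WINDOWS\system32\fcccdca.dll
C:\WINDOWS\System32\khfed.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\arutwkro.dll
C:\WINDOWS\system32\arutwkro.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ddaya.dll
C:\WINDOWS\system32\ddaya.dll Has been deleted!

Attempting to delete C:\WINDOWS\System32\defhk.bak1
C:\WINDOWS\System32\defhk.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\System32\defhk.ini
C:\WINDOWS\System32\defhk.ini H
"""

PATH_RE = re.compile(r"^[A-Za-z]:\\\S.*$")
ATTEMPT_RE = re.compile(r"^Attempting to delete (?P<path>.+)$")
DELETED_RE = re.compile(r"^(?P<path>.+?) Has been deleted!$")


def parse_vundofix(report):
    """Return (listed, attempted, deleted) path lists from a VundoFix report."""
    listed, attempted, deleted = [], [], []
    section = None
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("Listing files found"):
            section = "listing"
            continue
        if line.startswith("Beginning removal"):
            section = "removal"
            continue
        if section == "listing" and PATH_RE.match(line):
            listed.append(line)
        elif section == "removal":
            m = ATTEMPT_RE.match(line)
            if m:
                attempted.append(m.group("path"))
                continue
            m = DELETED_RE.match(line)
            if m:
                deleted.append(m.group("path"))
            # anything else (including a truncated last line) is ignored
    return listed, attempted, deleted


def removal_status(report):
    """Classify every listed file as confirmed, interrupted, or not_reached.
    Paths are compared case-insensitively because the report mixes
    System32 and system32 spellings."""
    listed, attempted, deleted = parse_vundofix(report)
    attempted_set = {p.lower() for p in attempted}
    deleted_set = {p.lower() for p in deleted}
    status = {"confirmed": [], "interrupted": [], "not_reached": []}
    for path in listed:
        key = path.lower()
        if key in deleted_set:
            status["confirmed"].append(path)
        elif key in attempted_set:
            status["interrupted"].append(path)
        else:
            status["not_reached"].append(path)
    return status


def run_completed(report):
    """True only when every file found by the scan has a deletion confirmation."""
    s = removal_status(report)
    return not s["interrupted"] and not s["not_reached"]


if __name__ == "__main__":
    for kind, paths in removal_status(SAMPLE_REPORT).items():
        print(f"{kind}: {len(paths)}")
        for p in paths:
            print("   ", p)
    print("run completed:", run_completed(SAMPLE_REPORT))
```

For the sample, the three files before defhk.ini are confirmed, defhk.ini is interrupted, and fcccdca.dll and khfed.dll were never reached, so the run has to be repeated before the report can be taken as clean. The Windows error the poster saw at startup fits this picture: the Run entry for arutwkro.dll survived while the DLL itself was deleted, so the autostart now fails to load it.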
Author: boule (helper member)
Subject: Re: Intrusion attempt reported by Kerio   Fri 01 June 2007, 10:10

Ok, keep VundoFix.

Click Start, Control Panel, Add/Remove Programs and uninstall:

- Java version is 1.5.0.6

Then download and install the latest Java version (the 2nd one)
---> http://www.java.com/fr/download/manual.jsp



Download ComboScan to your Desktop.
---> http://www.techsupportforum.com/sectools/Deckard/dss.exe
Close all running applications: antivirus, firewall, etc..
Double-click on comboscan.exe. In the window that appears, click OK.
Be patient..
The Comboscan.txt report will be displayed; copy and paste the contents of that file here.
Note that there may be two or three reports; post them all here please
Don't hesitate to create several messages, the reports can be long
Author: Guest (Anonymous)
Subject: Java   Fri 01 June 2007, 10:16

In Add/Remove Programs I have:

J2SE runtime environment 5.0 Update 6

Java (TM) SE Runtime Environment 6 Update 1

and I don't have the line you indicated
Author: boule (helper member)
Subject: Re: Intrusion attempt reported by Kerio   Fri 01 June 2007, 10:26

That's the one: J2SE runtime environment 5.0 Update 6

No need to download Java 6.01 if you already have it installed; you can go straight to ComboScan
Author: Guest (Anonymous)
Subject: ComboScan - 1   Fri 01 June 2007, 10:38

File: bmb.txt

C:\WINDOWS\System32\fcccdca.dll
C:\WINDOWS\System32\sstqr.dll
C:\WINDOWS\System32\khfed.dll
C:\WINDOWS\System32\bomttcud.dll
C:\WINDOWS\System32\hqkvrhvh.dll
C:\WINDOWS\System32\njuontus.dll
C:\WINDOWS\System32\mebgfpqo.dll
C:\WINDOWS\System32\VundoFixSVC.exe
C:\VundoFix Backups
C:\Program Files\Fichiers communs\Application
C:\Program Files\Fichiers communs\Ankiro
C:\Program Files\SPAMfighter
C:\Program Files\CCleaner
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
C:\Documents and Settings\LocalService\ntuser.dat
C:\Documents and Settings\Arnaud\Application Data\SPAMfighter
C:\Documents and Settings\Arnaud\Application Data\Apple Computer
Author: Guest (Anonymous)
Subject: ComboScan - 2   Fri 01 June 2007, 10:39

File: moved.txt

Directories/Files moved to C:\Deckard\System Scanner\backup

2007-06-01 08:58:32 6240 --a------ C:\DOCUME~1\Arnaud\LOCALS~1\Temp\WcesView.log
2007-05-25 09:05:00 0 d-------- C:\DOCUME~1\Arnaud\LOCALS~1\Temp\_avast4_
2006-12-29 18:36:50 0 d--hs---- C:\DOCUME~1\Arnaud\LOCALS~1\Temp\_PegEx~1
2007-06-01 08:56:54 408 --a------ C:\DOCUME~1\Arnaud\LOCALS~1\Temp\WCESCOMM.LOG
2007-05-25 09:05:54 16384 --a------ C:\DOCUME~1\Arnaud\LOCALS~1\Temp\Perflib_Perfdata_38c.dat
2007-06-01 09:01:44 682 --a------ C:\DOCUME~1\Arnaud\LOCALS~1\Temp\jusched.log
2007-05-21 23:30:40 127 --a------ C:\DOCUME~1\Arnaud\LOCALS~1\Temp\6DFF1A8A.TMP
2007-05-25 12:01:38 49152 --a------ C:\DOCUME~1\Arnaud\LOCALS~1\Temp\~DF9DBF.tmp
2007-05-30 22:46:04 49152 --a------ C:\DOCUME~1\Arnaud\LOCALS~1\Temp\~DF3013.tmp
2007-06-01 08:38:58 49152 --a------ C:\DOCUME~1\Arnaud\LOCALS~1\Temp\~DFFEF7.tmp
2007-05-29 20:58:14 16384 --a------ C:\DOCUME~1\Arnaud\LOCALS~1\Temp\~DF2184.tmp
2007-05-30 20:43:46 9134 --a------ C:\DOCUME~1\Arnaud\LOCALS~1\Temp\ms4339.tmp
2007-05-30 20:43:50 9055 --a------ C:\DOCUME~1\Arnaud\LOCALS~1\Temp\ms4348.tmp
2007-05-30 22:30:02 208 --a------ C:\DOCUME~1\Arnaud\LOCALS~1\Temp\java_install_reg.log
2007-05-20 17:01:06 9741312 --a------ C:\DOCUME~1\Arnaud\LOCALS~1\Temp\1019615.msi
2007-05-22 19:25:40 3004 --a------ C:\DOCUME~1\Arnaud\LOCALS~1\Temp\DLL_{01740AF5-8D8F-4020-ABA7-B35F91B3AB0F}.ini
2007-05-23 12:01:36 49152 --a------ C:\DOCUME~1\Arnaud\LOCALS~1\Temp\~DF9908.tmp
2007-05-23 06:55:10 49152 --a------ C:\DOCUME~1\Arnaud\LOCALS~1\Temp\~DF7E0B.tmp
2007-05-23 07:35:42 0 --a------ C:\DOCUME~1\Arnaud\LOCALS~1\Temp\isD9.tmp
2007-05-23 11:43:12 0 --a------ C:\DOCUME~1\Arnaud\LOCALS~1\Temp\isFA.tmp
2007-05-23 07:12:42 0 --a------ C:\DOCUME~1\Arnaud\LOCALS~1\Temp\is1B.tmp
2007-05-23 07:09:42 0 --a------ C:\DOCUME~1\Arnaud\LOCALS~1\Temp\is3.tmp
2007-05-20 17:01:18 0 --a------ C:\DOCUME~1\Arnaud\LOCALS~1\Temp\isD7.tmp
2007-05-23 06:55:10 217088 --a------ C:\DOCUME~1\Arnaud\LOCALS~1\Temp\MSI45B.tmp <Not Verified; Macrovision Corporation; InstallShield (R)>
2007-05-20 15:11:50 0 --a------ C:\DOCUME~1\Arnaud\LOCALS~1\Temp\is9.tmp
2007-05-20 17:01:34 0 --a------ C:\DOCUME~1\Arnaud\LOCALS~1\Temp\isDF.tmp
2007-05-23 11:50:42 16384 --a------ C:\DOCUME~1\Arnaud\LOCALS~1\Temp\Perflib_Perfdata_64c.dat
2007-05-22 12:46:08 3107 --a------ C:\DOCUME~1\Arnaud\LOCALS~1\Temp\h2r3C4.tmp
2007-05-23 06:55:08 0 --a------ C:\DOCUME~1\Arnaud\LOCALS~1\Temp\is45A.tmp
2007-05-22 19:25:40 0 --a------ C:\DOCUME~1\Arnaud\LOCALS~1\Temp\is3C9.tmp
2007-05-22 21:23:08 0 --a------ C:\DOCUME~1\Arnaud\LOCALS~1\Temp\is445.tmp
2007-05-23 19:44:58 0 --a------ C:\DOCUME~1\Arnaud\LOCALS~1\Temp\is74.tmp
2007-05-23 19:45:22 0 --a------ C:\DOCUME~1\Arnaud\LOCALS~1\Temp\is7C.tmp
2007-02-28 08:52:30 16384 --a------ C:\WINDOWS\temp\Perflib_Perfdata_5bc.dat
2007-03-03 14:46:16 16384 --a------ C:\WINDOWS\temp\Perflib_Perfdata_5c4.dat
2007-03-03 18:22:16 16384 --a------ C:\WINDOWS\temp\Perflib_Perfdata_620.dat
2007-02-26 09:14:10 16384 --a------ C:\WINDOWS\temp\Perflib_Perfdata_580.dat
2007-01-08 15:45:54 16384 --a------ C:\WINDOWS\temp\Perflib_Perfdata_778.dat
2007-01-06 17:29:16 16384 --a------ C:\WINDOWS\temp\Perflib_Perfdata_780.dat
2006-12-05 20:41:18 0 d-------- C:\WINDOWS\temp\_avast4_
2006-12-05 20:51:00 16384 --a------ C:\WINDOWS\temp\Perflib_Perfdata_75c.dat
2006-12-08 09:55:18 16384 --a------ C:\WINDOWS\temp\Perflib_Perfdata_7e0.dat
2006-12-11 14:08:12 16384 --a------ C:\WINDOWS\temp\Perflib_Perfdata_690.dat
2006-12-11 20:22:18 16384 --a------ C:\WINDOWS\temp\Perflib_Perfdata_774.dat
2007-02-15 07:07:00 16384 --a------ C:\WINDOWS\temp\Perflib_Perfdata_760.dat
2006-12-17 18:52:36 16384 --a------ C:\WINDOWS\temp\Perflib_Perfdata_7b8.dat
2007-04-14 19:06:08 16384 --a------ C:\WINDOWS\temp\Perflib_Perfdata_618.dat
2007-05-25 09:04:16 16384 --a------ C:\WINDOWS\temp\Perflib_Perfdata_5a4.dat
2006-12-31 10:08:10 16384 --a------ C:\WINDOWS\temp\Perflib_Perfdata_734.dat
2007-02-08 20:54:54 0 d-------- C:\WINDOWS\temp\WER30D3.tmp.dir00
2007-02-10 07:17:20 0 d-------- C:\WINDOWS\temp\WER32D3.tmp.dir00
2007-02-10 07:20:46 0 d-------- C:\WINDOWS\temp\WER32D4.tmp.dir00
2007-02-10 07:22:32 0 d-------- C:\WINDOWS\temp\WER32D5.tmp.dir00
2007-02-10 07:29:50 0 d-------- C:\WINDOWS\temp\WER32D6.tmp.dir00
2007-02-10 07:34:58 0 d-------- C:\WINDOWS\temp\WER32D8.tmp.dir00
2007-02-10 07:34:58 0 d-------- C:\WINDOWS\temp\WER32D7.tmp.dir00
2007-02-10 07:37:22 0 d-------- C:\WINDOWS\temp\WER32D9.tmp.dir00
2007-02-10 07:45:34 0 d-------- C:\WINDOWS\temp\WER32DA.tmp.dir00
2007-02-16 10:01:52 16384 --a------ C:\WINDOWS\temp\Perflib_Perfdata_48c.dat
2007-03-04 16:09:02 16384 --a------ C:\WINDOWS\temp\Perflib_Perfdata_78c.dat
2007-02-21 19:07:24 16384 --a------ C:\WINDOWS\temp\Perflib_Perfdata_610.dat
2007-02-21 20:09:52 16384 --a------ C:\WINDOWS\temp\Perflib_Perfdata_614.dat
2007-05-20 09:26:08 16384 --a------ C:\WINDOWS\temp\Perflib_Perfdata_4e0.dat
2007-04-01 09:40:18 16384 --a------ C:\WINDOWS\temp\Perflib_Perfdata_770.dat
2007-03-01 09:05:12 16384 --a------ C:\WINDOWS\temp\Perflib_Perfdata_550.dat
2007-04-16 08:36:52 16384 --a------ C:\WINDOWS\temp\Perflib_Perfdata_548.dat
2007-04-16 09:26:18 16384 --a------ C:\WINDOWS\temp\Perflib_Perfdata_660.dat
2007-04-17 08:41:02 16384 --a------ C:\WINDOWS\temp\Perflib_Perfdata_5c8.dat
2007-05-14 09:48:56 16384 --a------ C:\WINDOWS\temp\Perflib_Perfdata_1d4.dat
2007-04-22 15:39:04 16384 --a------ C:\WINDOWS\temp\Perflib_Perfdata_788.dat
2007-04-30 07:01:26 16384 --a------ C:\WINDOWS\temp\Perflib_Perfdata_7a0.dat
2007-05-07 15:12:32 16384 --a------ C:\WINDOWS\temp\Perflib_Perfdata_590.dat
2007-05-13 12:31:06 16384 --a------ C:\WINDOWS\temp\Perflib_Perfdata_56c.dat
2007-05-19 09:18:52 16384 --a------ C:\WINDOWS\temp\Perflib_Perfdata_518.dat
2007-05-20 12:20:50 16384 --a------ C:\WINDOWS\temp\Perflib_Perfdata_4d8.dat
2007-05-23 07:07:38 16384 --a------ C:\WINDOWS\temp\Perflib_Perfdata_504.dat
2007-05-27 09:52:28 16384 --a------ C:\WINDOWS\temp\Perflib_Perfdata_594.dat
2007-05-30 23:32:34 16384 --a------ C:\WINDOWS\temp\Perflib_Perfdata_664.dat
2002-07-25 18:13:12 196608 --a------ C:\WINDOWS\Downloaded Program Files\dwusplay.exe <Not Verified; InstallShield Software Corporation; InstallShield Update Service>
2002-07-25 18:13:18 24576 --a------ C:\WINDOWS\Downloaded Program Files\dwusplay.dll <Not Verified; InstallShield Software Corporation; InstallShield Update Service>
2004-06-14 17:17:16 323584 --a------ C:\WINDOWS\Downloaded Program Files\isusweb.dll <Not Verified; InstallShield Software Corporation; InstallShield Update Service>
2006-11-22 21:12:28 73216 --a------ C:\WINDOWS\Downloaded Program Files\Account.dll <Not Verified; TechCity Solutions; Configurateur Internet>
2005-08-14 00:26:04 113664 --a------ C:\WINDOWS\Downloaded Program Files\MsnMessengerSetupDownloader.ocx <Not Verified; Microsoft Corporation; MsnMessengerSetupDownloader>

-*- End of Logfile -*-
Author: Guest (Anonymous)
Subject: ComboScan - 3 part 1   Fri 01 June 2007, 10:42

File: main.txt

Deckard's System Scanner v20070426.43
Run by Arnaud on 2007-06-01 at 09:19:00
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.

-- Last 5 Restore Point(s) --
10: 2007-06-01 07:19:08 UTC - RP961 - Deckard's System Scanner Restore Point
9: 2007-05-31 23:37:36 UTC - RP960 - Point de vérification système
8: 2007-05-30 22:37:30 UTC - RP959 - Point de vérification système
7: 2007-05-29 21:57:39 UTC - RP958 - Point de vérification système
6: 2007-05-28 20:58:52 UTC - RP957 - Point de vérification système


-- First Restore Point --
1: 2007-05-23 17:46:08 UTC - RP952 - Installé SPAMfighter


Backed up registry hives.

Performed disk cleanup.


-- HijackThis (run as Arnaud.exe) ----------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 09:20:05, on 01/06/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\atiptaxx.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\SPAMfighter\SFAgent.exe
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
C:\WINDOWS\System32\ati2evxx.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\System32\dllhost.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\System32\msiexec.exe
C:\Documents and Settings\Arnaud\Bureau\dss.exe
C:\DOCUME~1\Arnaud\MESDOC~1\TÉLÉCH~1\SÉCURITÉ\Arnaud.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tele2.fr/startpage/adsl/fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7627E8E1-31D7-4C3A-B9B3-5AD4B78EF685} - C:\WINDOWS\System32\khfed.dll
O2 - BHO: (no name) - {C004A8DA-623A-4409-B6ED-F3E3DA367792} - C:\WINDOWS\System32\fcccdca.dll
O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - C:\Program Files\Xi\NetTransport 2\NTIEHelper.dll
O2 - BHO: (no name) - {CD3447D4-CA39-4377-8084-30E86331D74C} - C:\WINDOWS\System32\mebgfpqo.dll
O2 - BHO: (no name) - {E3DE4607-84BA-490B-898C-1C66484DBE40} - C:\WINDOWS\System32\njuontus.dll
O2 - BHO: (no name) - {E421B744-12A1-4447-AB8A-DA2F96D9D9EE} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ATIPTA] atiptaxx.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [setup] rundll32.exe "C:\WINDOWS\System32\arutwkro.dll",realset
O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2004\MemOptimizer.exe" autostart
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Télécharger avec NetTransport - C:\Program Files\Xi\NetTransport 2\NTAddLink.html
O8 - Extra context menu item: Enregistrer le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Identités - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComEditIdent.html
O8 - Extra context menu item: Remplir le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Tout t&élécharger avec NetTransport - C:\Program Files\Xi\NetTransport 2\NTAddList.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Remplir - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Remplir le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Enregistrer - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Enregistrer le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O14 - IERESET.INF: START_PAGE_URL=http://www.tele2.fr/startpage/dialup/fr/
O15 - Trusted Zone: *.Sony-europe.com
O15 - Trusted Zone: *.Sonystyle-europe.com
O16 - DPF: teleir_cert - https://static.ir.dgi.minefi.gouv.fr/secure/connexion/archives/ie4n4/teleir_cert.cab
O16 - DPF: {8F48147B-78D9-40F9-ACC0-BDDE59B246F4} (AccountHelper Class) - http://www.tele2mail.com/static/apps/utils/AccountHelper.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: fcccdca - C:\WINDOWS\SYSTEM32\fcccdca.dll
O20 - Winlogon Notify: khfed - C:\WINDOWS\System32\khfed.dll
O20 - Winlogon Notify: time_boss_logon - C:\Program Files\Time Boss\time_boss_l4.mik (file missing)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Time boss srv (TimeBossSrv) - Unknown owner - C:\Program Files\Time Boss\time_boss_s.exe (file missing)
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: VundoFix Service (VundoFixSvc) - Atribune.org - C:\WINDOWS\SYSTEM32\VundoFixSVC.exe


-- File Associations -----------------------------------------------------------

.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL %1,%*
.cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser %1,%*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 TPkd - c:\windows\system32\drivers\tpkd.sys <Not Verified; PACE Anti-Piracy, Inc.; InterLok(R)>
R0 xmasscsi - c:\windows\system32\drivers\xmasscsi.sys
R1 StyleXPHelper - c:\program files\tgtsoft\stylexp\stylexphelper.exe <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>
R2 Cnxtdiag - c:\windows\system32\drivers\cnxtdiag.sys <Not Verified; Conexant Systems; Diagnostic Interface>
R2 ElbyCDIO (ElbyCDIO Driver) - c:\windows\system32\drivers\elbycdio.sys <Not Verified; Elaborate Bytes AG; CDRTools>
R3 ElbyCDFL - c:\windows\system32\drivers\elbycdfl.sys <Not Verified; SlySoft, Inc.; CloneCD>

S0 AmdAcpi (AmdAcpi Bus Filter Driver) - c:\windows\system32\drivers\amdacpi.sys (file missing)
S0 xmasbus - c:\windows\system32\drivers\xmasbus.sys (file missing)
S1 amdtools (AMD Special Tools Driver) - c:\windows\system32\drivers\amdtools.sys (file missing)
S1 obvious - c:\windows\system32\drivers\obvious.sys (file missing)
S1 SpyEmrg (Spy Emergency Driver) - c:\windows\system32\drivers\spyemrg.sys (file missing)
S3 AvFlt (Antivirus Filter Driver) - c:\windows\system32\drivers\av5flt.sys (file missing)
S3 Pcouffin (Low level access layer for CD devices) - c:\windows\system32\drivers\pcouffin.sys (file missing)
S3 ProtoWall (ProtoWall Defender) - c:\windows\system32\drivers\protowall.sys (file missing)
S3 SQTECH905C (DaulCamera) - c:\windows\system32\drivers\capt905c.sys <Not Verified; Service & Quality Technology.; SQ905c>
S3 vsdatant - c:\windows\system32\vsdatant.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 StyleXPService - "c:\program files\tgtsoft\stylexp\stylexpservice.exe" <Not Verified; ; StyleXPService Module>

S3 I2tbtci -
S3 TUWinStylerThemeSvc (TuneUp WinStyler Theme Service) - c:\program files\tuneup utilities 2004\winstylerthemesvc.exe <Not Verified; TuneUp Software GmbH; TuneUp Utilities>
S3 VundoFixSvc (VundoFix Service) - vundofixsvc.exe <Not Verified; Atribune.org; Vundofix Service>

0


-- Files created between 2007-05-01 and 2007-06-01 -----------------------------

2007-06-01 08:53:47 24576 --a------ C:\WINDOWS\System32\VundoFixSVC.exe <Not Verified; Atribune.org; Vundofix Service>
2007-06-01 08:46:00 0 d-------- C:\VundoFix Backups
2007-06-01 08:28:53 0 d-------- C:\Program Files\CCleaner
2007-05-31 12:05:38 50740 --a------ C:\WINDOWS\System32\mebgfpqo.dll
2007-05-28 12:10:04 124436 --a------ C:\WINDOWS\System32\njuontus.dll
2007-05-26 12:45:28 50745 --a------ C:\WINDOWS\System32\bomttcud.dll
2007-05-23 21:10:48 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-05-23 19:47:26 0 d-------- C:\Program Files\Fichiers communs\Ankiro
2007-05-23 19:47:16 0 d-------- C:\Program Files\Fichiers communs\Application
2007-05-23 19:46:57 0 d-------- C:\Program Files\SPAMfighter
2007-05-23 12:07:30 49204 --a------ C:\WINDOWS\System32\hqkvrhvh.dll
2007-05-23 11:58:11 262708 ---hs---- C:\WINDOWS\System32\khfed.dll
2007-05-23 07:27:50 0 d-------- C:\Documents and Settings\Arnaud\Application Data\SPAMfighter
2007-05-23 07:19:46 262708 ---hs---- C:\WINDOWS\System32\sstqr.dll
2007-05-19 19:24:10 245760 --a------ C:\Documents and Settings\LocalService\ntuser.dat
2007-05-19 12:20:16 29206 -----n--- C:\WINDOWS\System32\fcccdca.dll
2007-05-13 17:23:21 0 d-------- C:\Documents and Settings\Arnaud\Application Data\Apple Computer
Guest
Subject: ComboScan - 3 part 2   Fri 01 Jun 2007, 10:43

Sorry for the two parts, but the message was too long.

-- Find3M Report ---------------------------------------------------------------

2007-04-18 12:28:16 290816 -----n--- C:\WINDOWS\Setup1.exe <Not Verified; Microsoft Corporation; Microsoft Visual Basic pour Windows>
2007-04-18 12:28:14 74752 --a------ C:\WINDOWS\ST6UNST.EXE <Not Verified; Microsoft Corporation; Microsoft® Visual Basic pour Windows>
2007-04-16 12:12:22 0 d-------- C:\Program Files\Micro Scrabble
2007-04-15 09:21:46 0 d-------- C:\Program Files\Namo
2007-03-24 19:33:28 70 --a------ C:\WINDOWS\SCORES.DAT
2007-03-03 09:44:44 2045824 --a------ C:\WINDOWS\System32\kernel1.exe <Not Verified; Microsoft Corporation; Système d'exploitation Microsoft® Windows®>


-- Registry Dump ---------------------------------------------------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
{53707962-6F74-2D53-2644-206D7942484F} C:\PROGRA~1\SPYBOT~1\SDHelper.dll
{724d43a9-0d85-11d4-9908-00400523e39a} C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
{7627E8E1-31D7-4C3A-B9B3-5AD4B78EF685} C:\WINDOWS\System32\khfed.dll
{C004A8DA-623A-4409-B6ED-F3E3DA367792} C:\WINDOWS\System32\fcccdca.dll
{C56CB6B0-0D96-11D6-8C65-B2868B609932} C:\Program Files\Xi\NetTransport 2\NTIEHelper.dll
{CD3447D4-CA39-4377-8084-30E86331D74C} C:\WINDOWS\System32\mebgfpqo.dll
{E3DE4607-84BA-490B-898C-1C66484DBE40} C:\WINDOWS\System32\njuontus.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
"Apoint"="C:\\Program Files\\Apoint\\Apoint.exe"
"ISUSPM Startup"="C:\\PROGRA~1\\FICHIE~1\\INSTAL~1\\UPDATE~1\\ISUSPM.exe -startup"
"ISUSScheduler"="\"C:\\Program Files\\Fichiers communs\\InstallShield\\UpdateService\\issch.exe\" -start"
"ATIPTA"="atiptaxx.exe"
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_01\\bin\\jusched.exe\""
"setup"="rundll32.exe \"C:\\WINDOWS\\System32\\arutwkro.dll\",realset"
"SPAMfighter Agent"="\"C:\\Program Files\\SPAMfighter\\SFAgent.exe\" update delay 60"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"STYLEXP"="C:\\Program Files\\TGTSoft\\StyleXP\\StyleXP.exe -Hide"
"TuneUp MemOptimizer"="\"C:\\Program Files\\TuneUp Utilities 2004\\MemOptimizer.exe\" autostart"
"H/PC Connection Agent"="\"C:\\Program Files\\Microsoft ActiveSync\\WCESCOMM.EXE\""

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=dword:00000000
"DisableTaskMgr"=dword:00000000
"DisableClock"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktop"=hex:00,00,00,00
"NoSaveSettings"=hex:00,00,00,00
"ClearRecentDocsOnExit"=hex:00,00,00,00
"LWA"=dword:00000000
"LWB"=dword:00000000
"LWC"=dword:00000000
"LWD"=dword:00000000
"LWE"=dword:00000000
"LWF"=dword:00000000
"LWG"=dword:00000000
"LWH"=dword:00000000
"LWI"=dword:00000000
"LWJ"=dword:00000000
"LWK"=dword:00000000
"LWL"=dword:00000000
"LWM"=dword:00000000
"LWN"=dword:00000000
"LWO"=dword:00000000
"LWP"=dword:00000000
"LWQ"=dword:00000000
"LWR"=dword:00000000
"LWS"=dword:00000000
"LWT"=dword:00000000
"LWU"=dword:00000000
"LWV"=dword:00000000
"LWW"=dword:00000000
"LWX"=dword:00000000
"LWY"=dword:00000000
"LWZ"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{C004A8DA-623A-4409-B6ED-F3E3DA367792}"=""

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fcccdca
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\khfed
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\time_boss_logon

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.lnk]
"location"="Common Startup"
"command"="C:\\PROGRA~1\\FICHIE~1\\Adobe\\CALIBR~1\\ADOBEG~1.EXE "
"item"="Adobe Gamma Loader"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Ashampoo Magical Defrag.lnk]
"location"="Common Startup"
"item"="Ashampoo Magical Defrag"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
"location"="Common Startup"
"item"="Microsoft Office"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Arnaud^Menu Démarrer^Programmes^Démarrage^Vade Retro pour Outlook Express.lnk]
"location"="Startup"
"item"="Vade Retro pour Outlook Express"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-aware]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Ad-aware"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CloneCDTray"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\SlySoft\\CloneCD\\CloneCDTray.exe\" /s"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CookiePatrol]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CookiePatrol"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="daemon"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="daemon"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="WCESCOMM"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Microsoft ActiveSync\\WCESCOMM.EXE\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HomeAlarm]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ChamClock"
"hkey"="HKCU"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mcagent"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="McUpdate"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PPMemCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PPMemCheck"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoboForm]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RoboTaskBarIcon"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Siber Systems\\AI RoboForm\\RoboTaskBarIcon.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UVS10 Preload]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="uvPL"
"hkey"="HKLM"
"command"="C:\\Program Files\\Ulead Systems\\Ulead VideoStudio 10\\uvPL.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0

-- End of Deckard's System Scanner: finished at 2007-06-01 at 09:21:07 ---------
Guest
Subject: ComboScan - 4   Fri 01 Jun 2007, 10:44

File: extra.txt
Deckard's System Scanner v20070426.43
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Édition familiale (build 2600) SP 1.0
Architecture: X86; Language: French

CPU 0: mobile AMD Athlon(tm) 4
Percentage of Memory in Use: 44%
Physical Memory (total/avail): 511.48 MiB / 283.43 MiB
Pagefile Memory (total/avail): 1248.8 MiB / 1069.82 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1980.39 MiB

A: is Removable (No Media)
C: is Fixed (FAT32) - 14.98 GiB total, 2.86 GiB free.
D: is Fixed (FAT32) - 12.91 GiB total, 8.61 GiB free.
E: is CDROM (No Media)
G: is CDROM (No Media)


-- Security Center -------------------------------------------------------------

AUOptions is disabled.
AUState says computer is ready and waiting.
Windows Internal Firewall is enabled.


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Arnaud\Application Data
CLASSPATH=C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Fichiers communs
COMPUTERNAME=NOM-ZKWWS2LU8WT
ComSpec=C:\WINDOWS\system32\cmd.exe
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Arnaud
LOGONSERVER=\\NOM-ZKWWS2LU8WT
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\SYSTEM32;C:\WINDOWS;C:\WINDOWS\SYSTEM32\WBEM;C:\Program Files\Fichiers communs\Ulead Systems\Mpeg;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 6 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0602
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Arnaud\LOCALS~1\Temp
TMP=C:\DOCUME~1\Arnaud\LOCALS~1\Temp
USERDOMAIN=NOM-ZKWWS2LU8WT
USERNAME=Arnaud
USERPROFILE=C:\Documents and Settings\Arnaud
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Propriétaire (admin)
Arnaud (admin)
Administrateur (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\WINDOWS\IsUn040c.exe -fC:\WINDOWS\orun32.isu
--> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{21313051-BEA2-11D4-8FA4-00B0D02D2438}\setup.exe" UNINSTALL
--> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6CAF07A2-BEA4-11D4-8FA4-00B0D02D2438}\setup.exe" UNINSTALL
--> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6D1B8E00-39E3-4810-BAB1-693E31CEFC42}\setup.exe" UNINSTALL
--> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7052066D-7016-11D5-B89E-00B0D0D26B88}\setup.exe" UNINSTALL
--> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D54AAC0A-BE99-11D4-8FA4-00B0D02D2438}\setup.exe" UNINSTALL
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware SE Professional --> C:\PROGRA~1\LAVASOFT\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\LAVASOFT\AD-AWA~1\INSTALL.LOG
Adobe Flash Player ActiveX --> C:\WINDOWS\System32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 7.0 - Français --> MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A70000000000}
Adobe Shockwave Player --> C:\WINDOWS\system32\MACROMED\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\MACROMED\SHOCKW~1\Install.log
Advanced Excel 2000 Password Recovery --> C:\PROGRA~1\ae2000pr\UNWISE.EXE C:\PROGRA~1\ae2000pr\INSTALL.LOG
AI RoboForm (All Users) --> "C:\Program Files\Siber Systems\AI RoboForm\rfwipeout.exe"
Archiveur WinRAR --> C:\Program Files\WinRAR\uninstall.exe
ArcSoft PhotoImpression --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{35B8CC58-F128-4169-82EB-0E6CB0C3AFE6}\setup.exe" -l0x40c -uninst
ATI Display Driver Utilities --> rundll32 C:\WINDOWS\System32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
avast! Antivirus --> rundll32 C:\PROGRA~1\ALWILS~1\Avast4\Setup\setiface.dll,RunSetup
Axialis IconWorkshop 5.0 --> C:\Program Files\Axialis\IconWorkshop\UnInstall.exe "IconWorkshop" "IconWorkshop.exe"
Bled Pour Tous --> C:\Program Files\HachetteEducation\Bled Pour Tous\UnInstall.exe C:\PROGRA~1\HACHET~1\BLEDPO~1\INSTALL.LOG
Brikanoïd --> C:\PROGRAM FILES\JEUX\Uninstal.exe
Bubble Shooter v5.02 --> "C:\Program Files\Absolutist.com\BubbleS5\unins000.exe"
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
CloneCD --> "C:\Program Files\SlySoft\CloneCD\ccd-uninst.exe" /D="C:\Program Files\SlySoft\CloneCD"
ClonyXXL v2.0.0.6 FR --> "C:\Program Files\ClonyXXL\unins000.exe"
Codeur Windows Media Série 9 --> msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Codeur Windows Media Série 9 --> MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Correctif Windows XP - KB842787 --> C:\WINDOWS\$NtUninstallKB842787$\spuninst\spuninst.exe
Crazy Browser version 1.05 --> "C:\Program Files\Crazy Browser\unins000.exe"
dBpowerAMP Musepack Codec --> "C:\WINDOWS\System32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\System32\SpoonUninstall-dBpowerAMP Musepack Codec.dat
dBpowerAMP Music Converter --> "C:\WINDOWS\System32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\System32\SpoonUninstall-dBpowerAMP Music Converter.dat
dBpowerAMP Ogg Vorbis Codec --> "C:\WINDOWS\System32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\System32\SpoonUninstall-dBpowerAMP Ogg Vorbis Codec.dat
dBpowerAMP WMA V9 Codec --> "C:\WINDOWS\System32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\System32\SpoonUninstall-dBpowerAMP WMA V9 Codec.dat
Diddl Screenmate --> C:\Program Files\Diddl Screenmate\Diddl_Scr.exe -uninstall
DVgate --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{29F61465-428A-11D4-B646-00C04F790F76}\setup.exe"
Effaceur V1.0 --> "C:\Program Files\Effaceur\unins000.exe"
Extracteur d'Icônes --> C:\Program Files\ExtracteurIcones\Uninstal.exe
FileZilla (remove only) --> "C:\Program Files\FileZilla\uninstall.exe"
Generic SoftK56 Data Fax --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_1106&DEV_3068&SUBSYS_80F6104D\uninst.EXE -U -IVEN_1106&DEV_3068&SUBSYS_80F6104D
GSpot Codec Information Appliance --> C:\Program Files\GSpot\Uninstall.exe
HijackThis 1.99.1 --> C:\Documents and Settings\Arnaud\Mes documents\Téléchargement\Sécurité\HijackThis.exe /uninstall
iCompteur (Mars 2005-2) --> "C:\Program Files\iCompteur\unins000.exe"
InterVideo WinDVD --> "C:\Program Files\InstallShield Installation Information\{C1939820-A945-11D4-86F6-0001031E5712}\setup.exe" REMOVEALL
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Java(TM) SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Kill Process 5.0.0.5 (désinstaller seulement) --> "C:\Program Files\Kill Process\uninstall.exe"
la version d'évaluation de Namo WebEdiotor 6 --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EF3FA287-2622-4340-AAF6-0AD29F21A691}\setup.exe" -l0x40c
Lame ACM MP3 Codec --> C:\WINDOWS\System32\rundll32.exe setupapi,InstallHinfSection Remove_LameMP3 132 C:\WINDOWS\INF\LameACM.inf
Micro Scrabble --> C:\WINDOWS\st6unst.exe -n "C:\Program Files\Micro Scrabble\ST6UNST.LOG"
Microsoft ActiveSync 3.7 --> "C:\WINDOWS\ISUN040C.EXE" -f"C:\Program Files\Microsoft ActiveSync\DeIsL1.isu" -c"C:\Program Files\Microsoft ActiveSync\ceuninst.dll"
Microsoft Data Access Components KB870669 --> C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
Microsoft Office PowerPoint Viewer 2003 --> MsiExec.exe /X{90AF040C-6000-11D3-8CFE-0150048383C9}
Motion JPEG Software Decoder --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Sony\Motion JPEG Software Decoder\Uninst.isu"
MotionDV STUDIO 5.3E LE for DV --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{43F8F1E5-C740-4293-A309-EA9DD6474DB1}\setup.exe" UNINSTALL
MovieShaker 3.2 --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D4A49B00-02F8-11D5-B64D-00C04F790F76}\setup.exe"
Mozilla Firefox (2.0.0.3) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MP3 Creation Pack for WinXP --> MsiExec.exe /X{BE59B914-9B32-43E5-8D2C-521D2F4B06BB}
Mp3tag --> C:\Program Files\Mp3tag\Mp3tagUninstall.EXE
MSN Messenger 7.5 --> MsiExec.exe /I{BAFD3C1E-03EC-11DA-BFBD-00065BBDC0B5}
Music Visualizer Library 1.1 --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3B24B725-D81F-442D-8CE5-2AF05A4A4CC9}\Setup.exe"
MyDsc2 --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{83D96ED0-98AA-4515-8DDC-816F3EFDD104}\Setup.exe" -l0x40c
Nero 6 Ultra Edition --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
Net Transport 1.92.273 --> "C:\Program Files\Xi\NetTransport 2\unins000.exe"
Ogg Vorbis CLI --> "C:\WINDOWS\System32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\System32\SpoonUninstall-Ogg Vorbis CLI.dat
OpenMG Secure Module 3.0.01 --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A228A09C-4826-42E0-A3D8-95B2BAAB5049}\setup.exe" /UNINSTALL
OpenOffice.org 2.0 --> MsiExec.exe /I{E2055AB2-D1C7-4147-A384-2B4B1C04282B}
PC Inspector smart recovery --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C9A87D86-FDFD-418B-BF96-EF09320973B3}\Setup.exe" -l0x40c
PDF Editeur 2 --> C:\WINDOWS\cadkasdeinst01f.exe "C:\Program Files\PDF Editeur 2\"
PhotoFiltre --> "C:\Program Files\PhotoFiltre\Uninst.exe"
QuickTime --> C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{3868A8EE-5051-4DB0-8DF6-4F4B8A98D083} /l1036
RealPlayer Basic --> C:\Program Files\Fichiers communs\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0
Smart Capture --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4B6F4C00-E935-11D3-A98A-0080986030D9}\Setup.exe"
SmartSound Quicktracks Plugin --> C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}
SonicStage --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E535DC62-56D6-11D5-8AE3-00105A7276CD}\Setup.exe" UNINSTALL
SonicStage Module de gravure de CD-R --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F3CB4DC0-4FC0-11D5-9254-0000F460E7A9}\Setup.exe"
Sony DV Shared Library --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6990A2BF-D1D2-11D3-81BC-00609789C908}\setup.exe"
Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
StyleXP (remove only) --> "C:\Program Files\TGTSoft\StyleXP\StyleXP-uninstall.exe"
Sudoku --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AB8D38CE-55A2-4EB8-8137-198D5C07D444}\Setup.exe" -l0x40c
Sunbelt Kerio Personal Firewall --> MsiExec.exe /X{E659E0EE-10E6-49B7-8696-60F38D0EB174}
Super Mahjong --> "C:\Program Files\Super Mahjong\unins000.exe"
SuperCopier2 --> "C:\Program Files\SuperCopier2\SC2Uninst.exe"
TuneUp Utilities 2004 --> MsiExec.exe /I{2C3738C9-56FA-410A-BCB5-79C5DFD238F0}
Ulead VideoStudio 10 --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E188D820-1218-4E28-8BCA-91134C3664C2}\setup.exe" -l0x40c
VAIO System Information --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2366D960-F00F-11D3-99D3-00C04FCCB775}\setup.exe"
Video Stream Driver for Panasonic DVC --> C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{9A97D672-6C93-4DFA-B527-DE005A761495} /l1036
VideoLAN VLC media player 0.7.2 --> C:\Program Files\VideoLAN\VLC\uninstall.exe
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
VirtualDubMOD 1.5.10.1 b2439 Fr --> C:\Program Files\VirtualDubMOD\UnInstall_VDMOD.exe
Visual Zip Password Recovery Processor --> C:\Program Files\Visual Zip Password Recovery Processor\uninstall.exe
WinHTTrack Website Copier 3.40-2 --> "C:\Program Files\WinHTTrack\unins000.exe"


-- End of Deckard's System Scanner: finished at 2007-06-01 at 09:21:07 ---------
boule (helper member)
Subject: Re: Intrusion attempt via Kerio   Fri 01 Jun 2007, 11:05

OK, I'll reply to you in a few minutes (wink)
Guest
Subject: Re: Intrusion attempt via Kerio   Fri 01 Jun 2007, 11:13

No problem,

thanks in advance for the time you're taking to help me

thanks, thanks
boule (helper member)
Subject: Re: Intrusion attempt via Kerio   Fri 01 Jun 2007, 11:17

Download OTMoveIt to your desktop
http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe

Double-click OTMoveIt.exe
Select and copy the lines below


C:\Deckard
C:\VundoFix Backups
C:\WINDOWS\System32\mebgfpqo.dll
C:\WINDOWS\System32\njuontus.dll
C:\WINDOWS\System32\bomttcud.dll
C:\WINDOWS\System32\hqkvrhvh.dll
C:\WINDOWS\System32\khfed.dll
C:\WINDOWS\System32\sstqr.dll
C:\WINDOWS\System32\fcccdca.dll
C:\WINDOWS\System32\kernel1.exe


Go back to OTMoveIt, right-click in the "Paste List of Files/Folders to be moved" window and choose "Paste".
Click the red MoveIt! button and close OTMoveIt.
If a file or folder cannot be moved immediately, you will be asked to restart your machine to finish the job; if so, click "Yes".
Copy and paste the report it generates here, please. The OTMoveIt report is in this folder: C:\_OTMoveIt\MovedFiles



In Safe Mode:
- Restart your PC. As soon as it powers on, tap the F8 key (or F5 if F8 doesn't work); on the screen that appears, choose "Safe Mode" and wait a moment.

Run VundoFix again and do a full scan with Avast.
As soon as they have finished, move on to the next step.


Still in Safe Mode:

Do a full clean with CCleaner: Cleaner + Issues (remember to use this program very often)

Download and install AVG Anti-Spyware, then update it.
Do a full scan of your system; once it has finished,
if it finds any spyware, delete it. Save the report and paste it here along with a new HijackThis log, please.

Download and tutorial on this page:
--> http://redir.fr/gsel

If you can't get it to update, get the updates here:
http://downloads.ewido.net/avgas-signatures-full-current.exe


Good luck
Invité (guest)
Subject: Scan MovedFiles   Fri 01 Jun 2007, 11:29

C:\Deckard\System Scanner\backup\WINDOWS\Downloaded Program Files moved successfully.
C:\Deckard\System Scanner\backup\WINDOWS\temp\_avast4_ moved successfully.
C:\Deckard\System Scanner\backup\WINDOWS\temp moved successfully.
C:\Deckard\System Scanner\backup\WINDOWS moved successfully.
C:\Deckard\System Scanner\backup\DOCUME~1\Arnaud\LOCALS~1\Temp\_avast4_ moved successfully.
C:\Deckard\System Scanner\backup\DOCUME~1\Arnaud\LOCALS~1\Temp moved successfully.
C:\Deckard\System Scanner\backup\DOCUME~1\Arnaud\LOCALS~1 moved successfully.
C:\Deckard\System Scanner\backup\DOCUME~1\Arnaud moved successfully.
C:\Deckard\System Scanner\backup\DOCUME~1 moved successfully.
C:\Deckard\System Scanner\backup moved successfully.
C:\Deckard\System Scanner moved successfully.
C:\Deckard moved successfully.
C:\VundoFix Backups moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\mebgfpqo.dll
C:\WINDOWS\System32\mebgfpqo.dll NOT unregistered.
C:\WINDOWS\System32\mebgfpqo.dll moved successfully.
C:\WINDOWS\System32\njuontus.dll unregistered successfully.
C:\WINDOWS\System32\njuontus.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\bomttcud.dll
C:\WINDOWS\System32\bomttcud.dll NOT unregistered.
C:\WINDOWS\System32\bomttcud.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\hqkvrhvh.dll
C:\WINDOWS\System32\hqkvrhvh.dll NOT unregistered.
C:\WINDOWS\System32\hqkvrhvh.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\khfed.dll
C:\WINDOWS\System32\khfed.dll NOT unregistered.
File move failed. C:\WINDOWS\System32\khfed.dll scheduled to be moved on reboot.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\sstqr.dll
C:\WINDOWS\System32\sstqr.dll NOT unregistered.
C:\WINDOWS\System32\sstqr.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\fcccdca.dll
C:\WINDOWS\System32\fcccdca.dll NOT unregistered.
File move failed. C:\WINDOWS\System32\fcccdca.dll scheduled to be moved on reboot.
C:\WINDOWS\System32\kernel1.exe moved successfully.

Created on 06/01/2007 10:22:03
boule (Helper member)
Subject: Re: Intrusion attempt reported by Kerio   Fri 01 Jun 2007, 11:37

You're quick!

Me, on the other hand, I can barely stand up any more, it's 4:35 am...
I'll let you finish all of that; your problem should start to get sorted out, but that won't mean it's over, there will still be a few small things left to fix.

You'll probably be done quickly, so since I'll be asleep lol, don't hesitate to run an online scan.


Do this online antivirus scan with Internet Explorer and accept the ActiveX; the SP2 pop-up blocker bar (at the top) will start flashing, click it and choose "accept the ActiveX" so the antivirus scan can work.
Once it has finished, paste the report here, please.

---> http://webscanner.kaspersky.fr/

- Start Online Scanner
- Accept
- Scan your hard drive(s) completely


If someone passes by they will surely give you a hand; otherwise I'll reply as soon as I get up ;)

See you later ++
Invité (guest)
Subject: HijackThis log 2   Fri 01 Jun 2007, 17:56

Logfile of HijackThis v1.99.1
Scan saved at 16:47:56, on 01/06/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\atiptaxx.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\SPAMfighter\SFAgent.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
C:\Program Files\TuneUp Utilities 2004\MemOptimizer.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINDOWS\System32\ati2evxx.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\dllhost.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Alwil Software\Avast4\setup\avast.setup
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\System32\msiexec.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Documents and Settings\Arnaud\Mes documents\Téléchargement\Sécurité\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tele2.fr/startpage/adsl/fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {807CE3A6-9052-47EB-82B5-E7099CF776AB} - (no file)
O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - C:\Program Files\Xi\NetTransport 2\NTIEHelper.dll
O2 - BHO: (no name) - {CD3447D4-CA39-4377-8084-30E86331D74C} - (no file)
O2 - BHO: (no name) - {E3DE4607-84BA-490B-898C-1C66484DBE40} - (no file)
O2 - BHO: (no name) - {E421B744-12A1-4447-AB8A-DA2F96D9D9EE} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ATIPTA] atiptaxx.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2004\MemOptimizer.exe" autostart
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Télécharger avec NetTransport - C:\Program Files\Xi\NetTransport 2\NTAddLink.html
O8 - Extra context menu item: Enregistrer le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Identités - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComEditIdent.html
O8 - Extra context menu item: Remplir le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Tout t&élécharger avec NetTransport - C:\Program Files\Xi\NetTransport 2\NTAddList.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Remplir - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Remplir le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Enregistrer - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Enregistrer le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O14 - IERESET.INF: START_PAGE_URL=http://www.tele2.fr/startpage/dialup/fr/
O15 - Trusted Zone: *.Sony-europe.com
O15 - Trusted Zone: *.Sonystyle-europe.com
O16 - DPF: teleir_cert - https://static.ir.dgi.minefi.gouv.fr/secure/connexion/archives/ie4n4/teleir_cert.cab
O16 - DPF: {8F48147B-78D9-40F9-ACC0-BDDE59B246F4} - http://www.tele2mail.com/static/apps/utils/AccountHelper.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: time_boss_logon - C:\Program Files\Time Boss\time_boss_l4.mik (file missing)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Time boss srv (TimeBossSrv) - Unknown owner - C:\Program Files\Time Boss\time_boss_s.exe (file missing)
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
Invité (guest)
Subject: AVG Anti-Spyware report   Fri 01 Jun 2007, 17:58

---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

+ Créé à: 16:41:45 01/06/2007

+ Résultat de l'analyse:



HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\WTLBAstp -> Adware.CoolWebSearch : Ignoré.
C:\System Volume Information\_restore{DB4607B3-9650-4F7E-9DEC-094CD0FB4EE2}\RP962\A0481299.DLL -> Adware.Virtumonde : Ignoré.
C:\VundoFix Backups\fcccdca.dll.bad -> Adware.Virtumonde : Ignoré.
C:\_OTMoveIt\MovedFiles\VundoFix Backups\fcccdca.dll.bad -> Adware.Virtumonde : Ignoré.
C:\Documents and Settings\Arnaud\Mes documents\Shared\Ewido Anti-Spyware 4_[By_STM].rar/Patch.exe -> Not-A-Virus.Hacktool.Crack : Ignoré.
:mozilla.620:C:\Documents and Settings\Arnaud\Application Data\Mozilla\Firefox\Profiles\3qnj98gj.default\cookies.txt -> TrackingCookie.247realmedia : Ignoré.
:mozilla.621:C:\Documents and Settings\Arnaud\Application Data\Mozilla\Firefox\Profiles\3qnj98gj.default\cookies.txt -> TrackingCookie.247realmedia : Ignoré.
C:\Documents and Settings\Arnaud\Cookies\arnaud@247realmedia[1].txt -> TrackingCookie.247realmedia : Ignoré.
:mozilla.492:C:\Documents and Settings\Arnaud\Application Data\Mozilla\Firefox\Profiles\3qnj98gj.default\cookies.txt -> TrackingCookie.2o7 : Ignoré.
C:\Documents and Settings\Arnaud\Cookies\arnaud@2o7[2].txt -> TrackingCookie.2o7 : Ignoré.
:mozilla.354:C:\Documents and Settings\Arnaud\Application Data\Mozilla\Firefox\Profiles\3qnj98gj.default\cookies.txt -> TrackingCookie.Adbrite : Ignoré.
:mozilla.355:C:\Documents and Settings\Arnaud\Application Data\Mozilla\Firefox\Profiles\3qnj98gj.default\cookies.txt -> TrackingCookie.Adbrite : Ignoré.
:mozilla.6:C:\Documents and Settings\Arnaud\Application Data\Mozilla\Firefox\Profiles\3qnj98gj.default\cookies.txt -> TrackingCookie.Adition : Ignoré.
:mozilla.7:C:\Documents and Settings\Arnaud\Application Data\Mozilla\Firefox\Profiles\3qnj98gj.default\cookies.txt -> TrackingCookie.Adition : Ignoré.
:mozilla.252:C:\Documents and Settings\Arnaud\Application Data\Mozilla\Firefox\Profiles\3qnj98gj.default\cookies.txt -> TrackingCookie.Adtech : Ignoré.
:mozilla.253:C:\Documents and Settings\Arnaud\Application Data\Mozilla\Firefox\Profiles\3qnj98gj.default\cookies.txt -> TrackingCookie.Adtech : Ignoré.
C:\Documents and Settings\Arnaud\Cookies\arnaud@adtech[2].txt -> TrackingCookie.Adtech : Ignoré.
:mozilla.248:C:\Documents and Settings\Arnaud\Application Data\Mozilla\Firefox\Profiles\3qnj98gj.default\cookies.txt -> TrackingCookie.Advertising : Ignoré.
:mozilla.249:C:\Documents and Settings\Arnaud\Application Data\Mozilla\Firefox\Profiles\3qnj98gj.default\cookies.txt -> TrackingCookie.Advertising : Ignoré.
:mozilla.250:C:\Documents and Settings\Arnaud\Application Data\Mozilla\Firefox\Profiles\3qnj98gj.default\cookies.txt -> TrackingCookie.Advertising : Ignoré.
:mozilla.251:C:\Documents and Settings\Arnaud\Application Data\Mozilla\Firefox\Profiles\3qnj98gj.default\cookies.txt -> TrackingCookie.Advertising : Ignoré.
:mozilla.254:C:\Documents and Settings\Arnaud\Application Data\Mozilla\Firefox\Profiles\3qnj98gj.default\cookies.txt -> TrackingCookie.Advertising : Ignoré.
C:\Documents and Settings\Arnaud\Cookies\arnaud@advertising[2].txt -> TrackingCookie.Advertising : Ignoré.
:mozilla.382:C:\Documents and Settings\Arnaud\Application Data\Mozilla\Firefox\Profiles\3qnj98gj.default\cookies.txt -> TrackingCookie.Adviva : Ignoré.
C:\Documents and Settings\Arnaud\Cookies\arnaud@adviva[2].txt -> TrackingCookie.Adviva : Ignoré.
:mozilla.335:C:\Documents and Settings\Arnaud\Application Data\Mozilla\Firefox\Profiles\3qnj98gj.default\cookies.txt -> TrackingCookie.Atdmt : Ignoré.
:mozilla.208:C:\Documents and Settings\Arnaud\Application Data\Mozilla\Firefox\Profiles\3qnj98gj.default\cookies.txt -> TrackingCookie.Bluestreak : Ignoré.
C:\Documents and Settings\Arnaud\Cookies\arnaud@bluestreak[2].txt -> TrackingCookie.Bluestreak : Ignoré.
:mozilla.503:C:\Documents and Settings\Arnaud\Application Data\Mozilla\Firefox\Profiles\3qnj98gj.default\cookies.txt -> TrackingCookie.Com : Ignoré.
:mozilla.236:C:\Documents and Settings\Arnaud\Application Data\Mozilla\Firefox\Profiles\3qnj98gj.default\cookies.txt -> TrackingCookie.Doubleclick : Ignoré.
C:\Documents and Settings\Arnaud\Cookies\arnaud@doubleclick[2].txt -> TrackingCookie.Doubleclick : Ignoré.
:mozilla.257:C:\Documents and Settings\Arnaud\Application Data\Mozilla\Firefox\Profiles\3qnj98gj.default\cookies.txt -> TrackingCookie.Estat : Ignoré.
C:\Documents and Settings\Arnaud\Cookies\arnaud@estat[1].txt -> TrackingCookie.Estat : Ignoré.
:mozilla.577:C:\Documents and Settings\Arnaud\Application Data\Mozilla\Firefox\Profiles\3qnj98gj.default\cookies.txt -> TrackingCookie.Falkag : Ignoré.
C:\Documents and Settings\Arnaud\Cookies\arnaud@as-eu.falkag[2].txt -> TrackingCookie.Falkag : Ignoré.
:mozilla.108:C:\Documents and Settings\Arnaud\Application Data\Mozilla\Firefox\Profiles\3qnj98gj.default\cookies.txt -> TrackingCookie.Fastclick : Ignoré.
:mozilla.56:C:\Documents and Settings\Arnaud\Application Data\Mozilla\Firefox\Profiles\3qnj98gj.default\cookies.txt -> TrackingCookie.Gemius : Ignoré.
:mozilla.57:C:\Documents and Settings\Arnaud\Application Data\Mozilla\Firefox\Profiles\3qnj98gj.default\cookies.txt -> TrackingCookie.Gemius : Ignoré.
:mozilla.58:C:\Documents and Settings\Arnaud\Application Data\Mozilla\Firefox\Profiles\3qnj98gj.default\cookies.txt -> TrackingCookie.Gemius : Ignoré.
:mozilla.298:C:\Documents and Settings\Arnaud\Application Data\Mozilla\Firefox\Profiles\3qnj98gj.default\cookies.txt -> TrackingCookie.Hitbox : Ignoré.
:mozilla.822:C:\Documents and Settings\Arnaud\Application Data\Mozilla\Firefox\Profiles\3qnj98gj.default\cookies.txt -> TrackingCookie.Hitbox : Ignoré.
:mozilla.826:C:\Documents and Settings\Arnaud\Application Data\Mozilla\Firefox\Profiles\3qnj98gj.default\cookies.txt -> TrackingCookie.Hitbox : Ignoré.
:mozilla.881:C:\Documents and Settings\Arnaud\Application Data\Mozilla\Firefox\Profiles\3qnj98gj.default\cookies.txt -> TrackingCookie.Hitbox : Ignoré.
:mozilla.882:C:\Documents and Settings\Arnaud\Application Data\Mozilla\Firefox\Profiles\3qnj98gj.default\cookies.txt -> TrackingCookie.Hitbox : Ignoré.
:mozilla.883:C:\Documents and Settings\Arnaud\Application Data\Mozilla\Firefox\Profiles\3qnj98gj.default\cookies.txt -> TrackingCookie.Hitbox : Ignoré.
C:\Documents and Settings\Arnaud\Cookies\arnaud@ehg-dig.hitbox[2].txt -> TrackingCookie.Hitbox : Ignoré.
C:\Documents and Settings\Arnaud\Cookies\arnaud@hitbox[2].txt -> TrackingCookie.Hitbox : Ignoré.
C:\Documents and Settings\Arnaud\Cookies\arnaud@hotlog[1].txt -> TrackingCookie.Hotlog : Ignoré.
:mozilla.138:C:\Documents and Settings\Arnaud\Application Data\Mozilla\Firefox\Profiles\3qnj98gj.default\cookies.txt -> TrackingCookie.Imrworldwide : Ignoré.
:mozilla.139:C:\Documents and Settings\Arnaud\Application Data\Mozilla\Firefox\Profiles\3qnj98gj.default\cookies.txt -> TrackingCookie.Imrworldwide : Ignoré.
:mozilla.873:C:\Documents and Settings\Arnaud\Application Data\Mozilla\Firefox\Profiles\3qnj98gj.default\cookies.txt -> TrackingCookie.Information : Ignoré.
:mozilla.321:C:\Documents and Settings\Arnaud\Application Data\Mozilla\Firefox\Profiles\3qnj98gj.default\cookies.txt -> TrackingCookie.Liveperson : Ignoré.
:mozilla.260:C:\Documents and Settings\Arnaud\Application Data\Mozilla\Firefox\Profiles\3qnj98gj.default\cookies.txt -> TrackingCookie.Mediaplex : Ignoré.
C:\Documents and Settings\Arnaud\Cookies\arnaud@overture[1].txt -> TrackingCookie.Overture : Ignoré.
C:\Documents and Settings\Arnaud\Cookies\arnaud@perf.overture[1].txt -> TrackingCookie.Overture : Ignoré.
:mozilla.81:C:\Documents and Settings\Arnaud\Application Data\Mozilla\Firefox\Profiles\3qnj98gj.default\cookies.txt -> TrackingCookie.Paypal : Ignoré.
C:\Documents and Settings\Arnaud\Cookies\arnaud@www.paypal[1].txt -> TrackingCookie.Paypal : Ignoré.
:mozilla.543:C:\Documents and Settings\Arnaud\Application Data\Mozilla\Firefox\Profiles\3qnj98gj.default\cookies.txt -> TrackingCookie.Questionmarket : Ignoré.
:mozilla.641:C:\Documents and Settings\Arnaud\Application Data\Mozilla\Firefox\Profiles\3qnj98gj.default\cookies.txt -> TrackingCookie.Revsci : Ignoré.
:mozilla.642:C:\Documents and Settings\Arnaud\Application Data\Mozilla\Firefox\Profiles\3qnj98gj.default\cookies.txt -> TrackingCookie.Revsci : Ignoré.
:mozilla.643:C:\Documents and Settings\Arnaud\Application Data\Mozilla\Firefox\Profiles\3qnj98gj.default\cookies.txt -> TrackingCookie.Revsci : Ignoré.
:mozilla.603:C:\Documents and Settings\Arnaud\Application Data\Mozilla\Firefox\Profiles\3qnj98gj.default\cookies.txt -> TrackingCookie.Serving-sys : Ignoré.
:mozilla.604:C:\Documents and Settings\Arnaud\Application Data\Mozilla\Firefox\Profiles\3qnj98gj.default\cookies.txt -> TrackingCookie.Serving-sys : Ignoré.
:mozilla.605:C:\Documents and Settings\Arnaud\Application Data\Mozilla\Firefox\Profiles\3qnj98gj.default\cookies.txt -> TrackingCookie.Serving-sys : Ignoré.
:mozilla.606:C:\Documents and Settings\Arnaud\Application Data\Mozilla\Firefox\Profiles\3qnj98gj.default\cookies.txt -> TrackingCookie.Serving-sys : Ignoré.
:mozilla.607:C:\Documents and Settings\Arnaud\Application Data\Mozilla\Firefox\Profiles\3qnj98gj.default\cookies.txt -> TrackingCookie.Serving-sys : Ignoré.
:mozilla.608:C:\Documents and Settings\Arnaud\Application Data\Mozilla\Firefox\Profiles\3qnj98gj.default\cookies.txt -> TrackingCookie.Serving-sys : Ignoré.
C:\Documents and Settings\Arnaud\Cookies\arnaud@bs.serving-sys[1].txt -> TrackingCookie.Serving-sys : Ignoré.
C:\Documents and Settings\Arnaud\Cookies\arnaud@serving-sys[1].txt -> TrackingCookie.Serving-sys : Ignoré.
:mozilla.570:C:\Documents and Settings\Arnaud\Application Data\Mozilla\Firefox\Profiles\3qnj98gj.default\cookies.txt -> TrackingCookie.Sexcounter : Ignoré.
:mozilla.571:C:\Documents and Settings\Arnaud\Application Data\Mozilla\Firefox\Profiles\3qnj98gj.default\cookies.txt -> TrackingCookie.Sexcounter : Ignoré.
:mozilla.572:C:\Documents and Settings\Arnaud\Application Data\Mozilla\Firefox\Profiles\3qnj98gj.default\cookies.txt -> TrackingCookie.Sexcounter : Ignoré.
:mozilla.573:C:\Documents and Settings\Arnaud\Application Data\Mozilla\Firefox\Profiles\3qnj98gj.default\cookies.txt -> TrackingCookie.Sexcounter : Ignoré.
:mozilla.204:C:\Documents and Settings\Arnaud\Application Data\Mozilla\Firefox\Profiles\3qnj98gj.default\cookies.txt -> TrackingCookie.Smartadserver : Ignoré.
:mozilla.205:C:\Documents and Settings\Arnaud\Application Data\Mozilla\Firefox\Profiles\3qnj98gj.default\cookies.txt -> TrackingCookie.Smartadserver : Ignoré.
:mozilla.206:C:\Documents and Settings\Arnaud\Application Data\Mozilla\Firefox\Profiles\3qnj98gj.default\cookies.txt -> TrackingCookie.Smartadserver : Ignoré.
:mozilla.207:C:\Documents and Settings\Arnaud\Application Data\Mozilla\Firefox\Profiles\3qnj98gj.default\cookies.txt -> TrackingCookie.Smartadserver : Ignoré.
C:\Documents and Settings\Arnaud\Cookies\arnaud@www.smartadserver[2].txt -> TrackingCookie.Smartadserver : Ignoré.
C:\Documents and Settings\Arnaud\Cookies\arnaud@specificclick[2].txt -> TrackingCookie.Specificclick : Ignoré.
C:\Documents and Settings\Arnaud\Cookies\arnaud@spylog[1].txt -> TrackingCookie.Spylog : Ignoré.
:mozilla.276:C:\Documents and Settings\Arnaud\Application Data\Mozilla\Firefox\Profiles\3qnj98gj.default\cookies.txt -> TrackingCookie.Statcounter : Ignoré.
:mozilla.277:C:\Documents and Settings\Arnaud\Application Data\Mozilla\Firefox\Profiles\3qnj98gj.default\cookies.txt -> TrackingCookie.Statcounter : Ignoré.
:mozilla.278:C:\Documents and Settings\Arnaud\Application Data\Mozilla\Firefox\Profiles\3qnj98gj.default\cookies.txt -> TrackingCookie.Statcounter : Ignoré.
:mozilla.279:C:\Documents and Settings\Arnaud\Application Data\Mozilla\Firefox\Profiles\3qnj98gj.default\cookies.txt -> TrackingCookie.Statcounter : Ignoré.
:mozilla.284:C:\Documents and Settings\Arnaud\Application Data\Mozilla\Firefox\Profiles\3qnj98gj.default\cookies.txt -> TrackingCookie.Toplist : Ignoré.
:mozilla.222:C:\Documents and Settings\Arnaud\Application Data\Mozilla\Firefox\Profiles\3qnj98gj.default\cookies.txt -> TrackingCookie.Tradedoubler : Ignoré.
:mozilla.223:C:\Documents and Settings\Arnaud\Application Data\Mozilla\Firefox\Profiles\3qnj98gj.default\cookies.txt -> TrackingCookie.Tradedoubler : Ignoré.
:mozilla.224:C:\Documents and Settings\Arnaud\Application Data\Mozilla\Firefox\Profiles\3qnj98gj.default\cookies.txt -> TrackingCookie.Tradedoubler : Ignoré.
:mozilla.225:C:\Documents and Settings\Arnaud\Application Data\Mozilla\Firefox\Profiles\3qnj98gj.default\cookies.txt -> TrackingCookie.Tradedoubler : Ignoré.
:mozilla.226:C:\Documents and Settings\Arnaud\Application Data\Mozilla\Firefox\Profiles\3qnj98gj.default\cookies.txt -> TrackingCookie.Tradedoubler : Ignoré.
C:\Documents and Settings\Arnaud\Cookies\arnaud@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Ignoré.
:mozilla.600:C:\Documents and Settings\Arnaud\Application Data\Mozilla\Firefox\Profiles\3qnj98gj.default\cookies.txt -> TrackingCookie.Trafic : Ignoré.
:mozilla.109:C:\Documents and Settings\Arnaud\Application Data\Mozilla\Firefox\Profiles\3qnj98gj.default\cookies.txt -> TrackingCookie.Tribalfusion : Ignoré.
:mozilla.237:C:\Documents and Settings\Arnaud\Application Data\Mozilla\Firefox\Profiles\3qnj98gj.default\cookies.txt -> TrackingCookie.Weborama : Ignoré.
:mozilla.239:C:\Documents and Settings\Arnaud\Application Data\Mozilla\Firefox\Profiles\3qnj98gj.default\cookies.txt -> TrackingCookie.Weborama : Ignoré.
C:\Documents and Settings\Arnaud\Cookies\arnaud@weborama[1].txt -> TrackingCookie.Weborama : Ignoré.
:mozilla.850:C:\Documents and Settings\Arnaud\Application Data\Mozilla\Firefox\Profiles\3qnj98gj.default\cookies.txt -> TrackingCookie.Webtrends : Ignoré.
:mozilla.261:C:\Documents and Settings\Arnaud\Application Data\Mozilla\Firefox\Profiles\3qnj98gj.default\cookies.txt -> TrackingCookie.Webtrendslive : Ignoré.
:mozilla.262:C:\Documents and Settings\Arnaud\Application Data\Mozilla\Firefox\Profiles\3qnj98gj.default\cookies.txt -> TrackingCookie.Webtrendslive : Ignoré.
:mozilla.86:C:\Documents and Settings\Arnaud\Application Data\Mozilla\Firefox\Profiles\3qnj98gj.default\cookies.txt -> TrackingCookie.Yadro : Ignoré.
:mozilla.87:C:\Documents and Settings\Arnaud\Application Data\Mozilla\Firefox\Profiles\3qnj98gj.default\cookies.txt -> TrackingCookie.Yadro : Ignoré.
C:\Documents and Settings\Arnaud\Cookies\arnaud@yadro[1].txt -> TrackingCookie.Yadro : Ignoré.
:mozilla.100:C:\Documents and Settings\Arnaud\Application Data\Mozilla\Firefox\Profiles\3qnj98gj.default\cookies.txt -> TrackingCookie.Yieldmanager : Ignoré.
:mozilla.98:C:\Documents and Settings\Arnaud\Application Data\Mozilla\Firefox\Profiles\3qnj98gj.default\cookies.txt -> TrackingCookie.Yieldmanager : Ignoré.
:mozilla.99:C:\Documents and Settings\Arnaud\Application Data\Mozilla\Firefox\Profiles\3qnj98gj.default\cookies.txt -> TrackingCookie.Yieldmanager : Ignoré.


Fin du rapport
boule (Helper member)
Subject: Re: Intrusion attempt reported by Kerio   Fri 01 Jun 2007, 20:42

Télécharge ceci
http://www.trojaner-info.de/cgi-bin/download.cgi?file=sphjfix

Clic sur Start disinfection
Clic sur "LOg"
Le rapport s'ouvre, copie et colle le contenu ici stp


¤ Nettoyage avec CCleaner a effectué (voir mon message précédent)

¤ Recommence le scan complet de ton PC avec AVG et supprime tout, car là tout est ignoré.

¤ Relance HijackThis, choisis "do a scan only" coche la case devant les lignes ci-dessous et clic en bas sur "fix checked"

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {807CE3A6-9052-47EB-82B5-E7099CF776AB} - (no file)
O2 - BHO: (no name) - {CD3447D4-CA39-4377-8084-30E86331D74C} - (no file)
O2 - BHO: (no name) - {E3DE4607-84BA-490B-898C-1C66484DBE40} - (no file)
O2 - BHO: (no name) - {E421B744-12A1-4447-AB8A-DA2F96D9D9EE} - (no file)
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start


¤ Then we'll see what the Kaspersky report gives ;)

A++
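To check the registry locations behind the HijackThis O2 and O4 lines listed in the post above, here is an added PowerShell audit script. It is not code from the original post and not HijackThis itself; it assumes a current Windows with Windows PowerShell 5.1 or later run from an elevated prompt, reads only the standard BHO and Run keys, and goes one step beyond HijackThis by also reporting the Authenticode signature status of every target it finds. It removes nothing.

```powershell
# Added example, not code from the forum post. Read-only audit of the registry
# keys behind HijackThis' O2 (Browser Helper Objects) and O4 (Run) lines:
# reports each entry's target file, marks missing targets as "(no file)"
# exactly as HijackThis does, and adds the Authenticode signature status.
# Assumes Windows PowerShell 5.1+ run from an elevated prompt; key paths are
# the standard locations, not values taken from the post.

$bhoKey  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
)

# Pull the executable path out of a Run command line: handles a quoted path
# ("C:\Program Files\x\y.exe" -start) and an unquoted one with arguments
# (%systemroot%\system32\dumprep 0 -k), expanding environment variables first.
function Get-CommandPath {
    param([string]$CommandLine)
    if (-not $CommandLine) { return $null }
    $expanded = [Environment]::ExpandEnvironmentVariables($CommandLine.Trim())
    if ($expanded -match '^"([^"]+)"') { return $Matches[1] }
    if ($expanded -match '^(\S+?\.(exe|dll|cmd|bat|scr))(\s|$)') { return $Matches[1] }
    return ($expanded -split '\s+')[0]
}

# Resolve a target to "(no file)" or "<path> [sig: <status>]".
function Get-TargetStatus {
    param([string]$Path)
    if ([string]::IsNullOrWhiteSpace($Path)) { return '(no file)' }
    if (-not (Test-Path -LiteralPath $Path)) {
        # Bare names such as dumprep are looked up with their .exe extension
        if (-not [IO.Path]::HasExtension($Path) -and (Test-Path -LiteralPath "$Path.exe")) {
            $Path = "$Path.exe"
        } else {
            return '(no file)'
        }
    }
    $sig = Get-AuthenticodeSignature -FilePath $Path
    return "$Path [sig: $($sig.Status)]"
}

$findings = @()

# O2: each CLSID registered as a BHO must map, via HKCR\CLSID\{guid}\InprocServer32,
# to a DLL that exists on disk; a CLSID with no DLL is what HijackThis shows as "(no file)".
if (Test-Path $bhoKey) {
    foreach ($sub in Get-ChildItem $bhoKey) {
        $clsid  = $sub.PSChildName
        $inproc = "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid\InprocServer32"
        $dll = $null
        if (Test-Path $inproc) {
            $dll = (Get-ItemProperty -Path $inproc).'(default)'
            if ($dll) { $dll = [Environment]::ExpandEnvironmentVariables($dll) }
        }
        $findings += [pscustomobject]@{ Type = 'O2 BHO'; Name = $clsid; Target = Get-TargetStatus $dll }
    }
}

# O4: every Run value is a command line whose executable should exist and, ideally, be signed.
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $hive = ($key -split ':')[0]
    foreach ($p in (Get-ItemProperty -Path $key).PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }   # skip the provider's own PSPath/PSParentPath etc.
        $findings += [pscustomobject]@{
            Type   = "O4 $hive\..\Run"
            Name   = $p.Name
            Target = Get-TargetStatus (Get-CommandPath ([string]$p.Value))
        }
    }
}

$findings | Format-Table -AutoSize -Wrap
```

A row that comes back as (no file) corresponds to a HijackThis "(no file)" line: the CLSID or Run value points at nothing on disk, so fixing it removes only a dangling registry entry, not a program. A target that does exist but reports sig: NotSigned is the one worth submitting to an online scanner before deciding what to do with it.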
Guest
Subject: sphjfix   Fri 01 Jun 2007, 22:26

(6/1/07 21:24:46) SPSeHjFix started v1.1.2
(6/1/07 21:24:46) OS: WinXP Service Pack 1 (5.1.2600)
(6/1/07 21:24:46) Language: français
(6/1/07 21:24:46) Win-Path: C:\WINDOWS
(6/1/07 21:24:46) System-Path: C:\WINDOWS\System32
(6/1/07 21:24:46) Temp-Path: C:\DOCUME~1\Arnaud\LOCALS~1\Temp\
(6/1/07 21:24:48) Disinfection started
(6/1/07 21:24:48) Bad-Dll(IEP): (not found)
(6/1/07 21:24:48) Bad-Dll(IEP) in BHO: (not found)
(6/1/07 21:24:48) UBF: 4 - UBB: 8 - UBR: 12
(6/1/07 21:24:48) UBF: 4 - UBB: 8 - UBR: 12
(6/1/07 21:24:48) Bad IE-pages:
deleted: HKCU\Software\Microsoft\Internet Explorer\Main, Search Bar:
deleted: HKCU\Software\Microsoft\Internet Explorer\Search, SearchAssistant:
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Default_Page_URL: about:blank
(6/1/07 21:24:48) Stealth-String not found
(6/1/07 21:24:48) Not infected->END
Guest
Subject: Re: Tentative Intrusion par Kerio   Fri 01 Jun 2007, 22:34

Hello again,

I've run CCleaner; for the rest you'll have to be patient, because I won't be back online until Monday morning.
Have a good weekend, and see you Monday.

Thanks
boule
Helper member
Subject: Re: Tentative Intrusion par Kerio   Fri 01 Jun 2007, 22:55

No problem!

Have a good weekend too ;)

A++